Foundation provided by:
Resources:
- CipherSweet Docs
- Building Searchable Encrypted Databases with PHP and SQL
- CipherSweet: Searchable Encryption Doesn't Have to be Bitter
- Blind Index Planning NB: Important
You can install the package via composer:
composer require garethnic/eloquent-cipher
You can publish and run the migrations with:
php artisan vendor:publish --tag="eloquent-cipher-migrations"
php artisan migrate
You can publish the config file with:
php artisan vendor:publish --tag="eloquent-cipher-config"
This is the contents of the published config file:
return [
/*
|--------------------------------------------------------------------------
| Cryptographic Backend
|--------------------------------------------------------------------------
|
| This controls which cryptographic backend will be used by CipherSweet.
| Unless you have specific compliance requirements, you should choose
| "nacl".
|
| Supported: "fips", "nacl"
|
*/
'backend' => env('CIPHERSWEET_BACKEND', 'nacl'),
/*
|--------------------------------------------------------------------------
| Key Provider
|--------------------------------------------------------------------------
|
| Select which key provider your application will use. The default option
| is to read a string literal out of .env, but it's also possible to
| provide the key in a file, use a custom key provider, or use random keys
| for testing.
|
| "string" is selected by default to read a key directly from your .env
| file. Use `artisan ciphersweet:generate:key` to securely generate that
| key.
|
| Supported: "custom", "file", "random", "string"
|
*/
'provider' => env('CIPHERSWEET_PROVIDER', 'string'),
/*
|--------------------------------------------------------------------------
| Key Providers
|--------------------------------------------------------------------------
|
| Set provider-specific options here. "string" will read the key directly
| from your .env file. "file" will read the contents of the specified file
| to use as your key. "custom" points to a factory class that returns a
| provider from its `__invoke` method. Please see the docs for more details.
|
*/
'providers' => [
'custom' => [
//'via' => \App\CipherSweetKey\CreateKeyProvider::class,
],
'file' => [
'path' => env('CIPHERSWEET_FILE_PATH'),
],
'string' => [
'key' => env('CIPHERSWEET_KEY'),
],
],
];
php artisan ciphersweet:generate:key
Once the configuration is done, you can begin using encrypted fields in your models.
<?php
use ParagonIE\CipherSweet\BlindIndex;
use ParagonIE\CipherSweet\EncryptedRow;
use Illuminate\Database\Eloquent\Model;
use ParagonIE\EloquentCipherSweet\CipherSweet;
class Blah extends Model
{
use CipherSweet;
protected static function configureCipherSweet(EncryptedRow $encryptedRow)
{
return $encryptedRow
->addTextField('id_number')
->addBlindIndex('id_number', new BlindIndex('users_id_number_index_1', [], 7));
}
public function getTable()
{
return 'users';
}
}
Where 7
above refers to the filter bits which is very important to get right. Refer to Blind Index Planning.
composer test
Please see CHANGELOG for more information on what has changed recently.
The MIT License (MIT). Please see License File for more information.